Vulnerability in Embedthis Goahead
CVE-2021-43298
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte…
EPSS: 0.003 (54.7th percentile)
Affected products
- Embedthis Goahead — versions unspecified
Weakness classification (CWE)
References
- github.com/embedthis/goahead/issues/304 (x_refsource_MISC)
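
The two weaknesses named in the description, shown as an added C example (not GoAhead's code): an early-exit comparison beside a fixed-work one, plus a failed-attempt lockout. All function names, `FIELD_LEN`, and the lockout policy are assumptions made for illustration, and the `examined` counter is a deterministic stand-in for response time.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_LEN    64   /* assumed: maximum password length + 1 */
#define MAX_FAILURES 5    /* assumed lockout policy */
#define LOCK_SECONDS 30

/* Early-exit comparison (the weak pattern). *examined is the number of bytes
 * inspected, which grows with the length of the correct prefix. */
int leaky_equal(const char *stored, const char *supplied, size_t *examined)
{
    size_t i;
    for (i = 0; ; i++) {
        *examined = i + 1;
        if (stored[i] != supplied[i]) return 0;
        if (stored[i] == '\0') return 1;
    }
}

/* Fixed-work comparison: both values are zero-padded to FIELD_LEN and every
 * byte is folded into diff, so the work does not depend on where they differ. */
int ct_equal(const char *stored, const char *supplied, size_t *examined)
{
    unsigned char a[FIELD_LEN] = {0}, b[FIELD_LEN] = {0}, diff = 0;
    size_t i, slen = strlen(stored), ulen = strlen(supplied);
    *examined = 0;
    if (slen >= FIELD_LEN || ulen >= FIELD_LEN) return 0;
    memcpy(a, stored, slen);
    memcpy(b, supplied, ulen);
    for (i = 0; i < FIELD_LEN; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    *examined = FIELD_LEN;
    return diff == 0;
}

typedef struct { unsigned failures; long locked_until; } throttle_t;

/* Returns 1 = accepted, 0 = rejected, -1 = refused while locked out. */
int check_password(throttle_t *t, long now, const char *stored, const char *supplied)
{
    size_t n;
    if (now < t->locked_until) return -1;
    if (ct_equal(stored, supplied, &n)) { t->failures = 0; return 1; }
    if (++t->failures >= MAX_FAILURES) {
        t->failures = 0;
        t->locked_until = now + LOCK_SECONDS;
    }
    return 0;
}
```

In production code, prefer a vetted primitive such as OpenSSL's `CRYPTO_memcmp` over a hand-written loop, since an optimizing compiler is free to reintroduce data-dependent branches.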